LCS - Using Web Analytics for apps within Health Care Component
Is your application a privacy compliance risk?
Contact the Office of Compliance if these three conditions apply, as the data collection process may be a privacy compliance risk:
- Your application is considered inside the Health Care Component, and
- Your application pages require authentication (e.g. NetID), and
- Your application is using, or you are thinking about using, web analytics (e.g. Google Analytics).
Details
The Office of Compliance has determined that the US federal guidance on HIPAA compliance concerns when using web analytics technology (specifically Google Analytics) does not apply to any unauthenticated web pages/applications using web trackers such as Google Analytics. However, that guidance does apply to any authenticated pages/applications within UW-Madison’s Health Care Component. Because determining HIPAA compliance is not always straightforward, the DoIT project team and the Office of Compliance are asking IT Services where Google Analytics is an option to request that application developers/managers seek guidance before adopting that usage.